Hackers upgrade their skills every single day. The more difficult it gets, the better they become. They never quit. They sometimes resort to brute-forcing their way through every nook and cranny they can squeeze into, or they find alternative ways to game or bypass a defense. Patience is one of their strongest virtues, and they often invest weeks and months scheming and perfecting their methodology.
Cybersecurity personnel are aware that hackers' techniques are improving and getting stronger each and every day, and become more sophisticated every time they devise a new algorithm to circumvent current trends in technology. If an attack doesn't work the first time, that doesn't distract them from their main focus; they just bring on their best. Hence, new trends arise from their persistence.
2016 is a new year for them to conquer, and here is what is to be expected.
During the last quarter of 2014, following the Sony hack, news circulated that such attacks, despite attempts to contain the hackers' cyber playground, were instead predicted to increase. These shakedown attempts pertain to ransomware attacks, in which the culprits use malware to encrypt or lock down a computer's functionality. Basically, it is a ransom-type deal. To sum it up, regular computer users are extorted into paying a fee, to the extent of being threatened with the release of sensitive information taken from a personal or company computer. Even with backup copies, victims are often cornered because they want to avoid a public release of data that might compromise their reputation, their customers and other pertinent sensitive information.
There is a major flaw when it comes to tracking these cyberattacks: when the victim pays up, it is very rare for anyone to report that the transaction or extortion happened. A few sensationalized extortion hacks surfaced all over the news in 2015. One involved Ashley Madison; it had a major effect, took down the company's CEO and, to a certain extent, exposed millions of would-be cheating husbands, wives, partners and all sorts. This would escalate to public humiliation. The second was the hack that gained access to InvestBank of the UAE, which in turn exposed customer account information. The attackers mainly prey on companies' worst-case fears: if not delicately handled, an incident would result in customer lawsuits, exposure of sensitive company information and loss of jobs. This year is no different, and bolder moves are to be expected.
Cyber Attacks That Manipulate or Alter Data
In testimony to Congress, the Director of National Intelligence, James Clapper, said that some complex cyber operations are intended to alter or manipulate digitally transmitted data to ultimately compromise data integrity. Hijacking, deleting or publicly releasing data does not even come close to the havoc such manipulation would produce. Mike Rogers, the head of the NSA and Cyber Command, shares the same insight. At the moment, most of the threat focuses on theft and extortion, but Rogers said: “But what if someone gets in the system and starts manipulating and changing data, to the point where now as an operator, you no longer believe what you’re seeing in your system?”
Data sabotage is a far worse and more complicated threat, and detection is far more difficult. Remember Stuxnet? It is a malicious computer worm believed to be a jointly built American-Israeli cyber weapon, although neither state has confirmed this openly. Such alterations can be very small yet have enormous consequences and cause enormous damage. Back in the 90s, a Lotus 1-2-3 glitch resulted in miscalculations in accounting spreadsheets under a certain condition. That was an unforeseen developer error, but hackers could gain access to financial and stock-trading systems and alter data to make stock prices fluctuate.
These are certainly frightening, because attacks that capitalize on software glitches can result in death. In Saudi Arabia during the first Gulf War (1991), a Patriot missile failed to intercept a Scud missile because of a bug in the weapon's controls; the Scud hit an army barracks, killing 28 soldiers. That was a software bug, but Chinese spies have been slowly creeping in and invaded undisclosed US defense contractor networks during the last decade, which raises heightened concerns among US military officials. It is no longer just about stealing blueprints to build exact replicas or better versions. Now they might be capable of altering or injecting code intended for sabotage, compromising the integrity of systems and weapons in their function and operation.
Whenever security is tightened and a security hole is closed, hackers find other avenues to exploit and gain access. There was a time when retailers stopped storing credit card numbers and transactions in databases. Hackers then took to sniffing the network to grab the unsecured data in real time while it was being transmitted to the banks for authentication. Eventually, retailers began to encrypt the data in transit to prevent sniffing. The hackers' solution was simple: they installed malware on POS readers to grab the data as the card is swiped, before the system has encrypted it. The breakthrough technology against this was the chip-and-PIN card system.
The newer cards contain a microchip that authenticates the card as a legitimate bank card and generates a one-time code with each purchase, preventing hackers from embossing stolen data onto cloned cards. Although this stops cloned cards from being used in actual stores, it does not deter fraudsters from shifting their efforts to online retailers. In the UK, card purchases in person have dropped dramatically since 2003, when the chip-and-PIN system came into use, but card-not-present transactions, which is basically how online transactions work, ballooned from 30 to 90 percent of total card fraud from 2004 to 2014, according to the UK Payment Administration. Neither a PIN nor a signature is needed when customers use their cards online, so stolen card information alone is enough to jump-start this fraud scheme; hence the rise in the fraud figures in the US as well.
The Rise of the IoT Zombie Botnet and Botnet variants
Many say that 2015 was the year of the Internet of Things, but it was also the year of the internet getting hacked all over. Any device that interfaces with the internet or a mobile device is vulnerable to attack, including but not limited to cars, medical gadgets and devices, skateboards, Barbie dolls, GPS, etc.
Although 2015 was a good year for proof-of-concept attacks against IoT devices, we will see more of these conceptual attacks become a reality. There is a growing trend of hijacking such devices for botnets. Instead of hijacking just computers for their tasks, attackers will commandeer all kinds of IoT devices for their botnets, including IP CCTV cameras, smart TVs and other systems like your home security and automation systems. There are reports that some CCTV systems have already been compromised and turned into armies of bots, which in turn have launched DDoS attacks against banks, financial institutions and other targets. Compared to computers and laptops used for the same task, it would be harder to trace if your other internet appliances are used for the same deeds.
There are More Backdoors
The last quarter of 2015 revealed that certain firmware on some Juniper Networks firewalls contained a backdoor cleverly installed by some stealthy hackers. This backdoor gives them the capability to decrypt protected VPN traffic passing through the Juniper firewall. That implies a nation-state attacker as the culprit, since only a government agency would have the capacity, capability and resources to intercept the vast amounts of VPN-related traffic needed to benefit from the backdoor. It is rumored that the backdoor was based on one attributed to the NSA.
Clearly, there is no reliable or proven evidence that the Juniper backdoor was installed by the NSA. It might be that an agency with NSA-like capabilities, or an NSA spying partner from a different country, cleverly installed it. One thing is certain: companies are now aware that such a backdoor is possible and may be running in their systems. Clearly they know how it would operate and where the weak points are. The Juniper incident shows that backdoors intended for US law enforcement and intelligence agencies can be undermined or exploited by others for their own malicious intent. Do not expect the FBI and NSA to stop trying in 2016.